From 110356c12e8ff8f9a1d2e858f533cc611b9bcfd1 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Mon, 18 Mar 2024 18:03:53 +0100 Subject: [PATCH 1/3] Don't add empty Organization to Subject string --- .../X509Certificates/CertificateAuthority.cs | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs index 184d8a62e99366..6a03d7d16b5491 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs @@ -179,7 +179,7 @@ internal X509Certificate2 CreateOcspSigner(string subject, RSA publicKey) subject, publicKey, TimeSpan.FromSeconds(1), - new X509ExtensionCollection() { s_eeConstraints, s_eeKeyUsage, s_ocspResponderEku}, + new X509ExtensionCollection() { s_eeConstraints, s_eeKeyUsage, s_ocspResponderEku }, ocspResponder: true); } @@ -950,12 +950,10 @@ private static string BuildSubject( PkiOptions pkiOptions, bool includePkiOptions) { - if (includePkiOptions) - { - return $"CN=\"{cn}\", O=\"{testName}\", OU=\"{pkiOptions}\""; - } + string pkiOptionsPart = includePkiOptions ? $", OU=\"{pkiOptions}\"" : ""; + string testNamePart = !string.IsNullOrWhiteSpace(testName) ? $", O=\"{testName}\"" : ""; - return $"CN=\"{cn}\", O=\"{testName}\""; + return $"CN=\"{cn}\"" + testNamePart + pkiOptionsPart; } } } From 007310996b0d210a90359bc362e27387b94c1733 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Mon, 18 Mar 2024 18:04:06 +0100 Subject: [PATCH 2/3] Make sure testName is populated when creating test PKI --- .../FunctionalTests/CertificateValidationRemoteServer.cs | 8 +++++--- .../FunctionalTests/SslStreamCertificateContextTests.cs | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) 
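Review bot: In the `BuildSubject` hunk, `cn` and `testName` are interpolated into quoted RDN values without any escaping, so a `"` inside either value would end the quoted value early and change how the rest of the string is read as a distinguished name. Since the O= part is now optional and the series starts passing member names into it, the contract is worth stating above the method, e.g. `// Values are placed inside quoted RDNs unescaped; callers must not pass text containing '"'.` The same comment could record that a null or whitespace-only `testName` omits the O= attribute instead of emitting an empty one. The method's signature begins above the hunk, so the parameter types are assumed from the visible usage; the 3/3 hunk that reorders the two locals is unaffected by this.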
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs index 3c088e8863d592..846e8c2dcdb0da 100644 --- a/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs +++ b/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs @@ -7,6 +7,7 @@ using System.Net.Sockets; using System.Net.Test.Common; using System.Reflection; +using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates.Tests.Common; @@ -187,7 +188,8 @@ static bool CertificateValidationCallback( private async Task ConnectWithRevocation_WithCallback_Core( X509RevocationMode revocationMode, bool? offlineContext = false, - bool noIntermediates = false) + bool noIntermediates = false, + [CallerMemberName] string testName = null) { string offlinePart = offlineContext.HasValue ? offlineContext.GetValueOrDefault().ToString().ToLower() : "null"; string serverName = $"{revocationMode.ToString().ToLower()}.{offlinePart}.server.example"; @@ -195,14 +197,14 @@ private async Task ConnectWithRevocation_WithCallback_Core( (Stream clientStream, Stream serverStream) = TestHelper.GetConnectedStreams(); CertificateAuthority.BuildPrivatePki( - PkiOptions.EndEntityRevocationViaOcsp | PkiOptions.CrlEverywhere, + PkiOptions.CrlEverywhere, out RevocationResponder responder, out CertificateAuthority rootAuthority, out CertificateAuthority[] intermediateAuthorities, out X509Certificate2 serverCert, + testName: testName, intermediateAuthorityCount: noIntermediates ? 0 : 1, subjectName: serverName, - keySize: 2048, extensions: Configuration.Certificates.BuildTlsServerCertExtensions(serverName)); CertificateAuthority issuingAuthority = noIntermediates ? rootAuthority : intermediateAuthorities[0]; 
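Review bot: The new `[CallerMemberName] string testName = null` parameter on `ConnectWithRevocation_WithCallback_Core` is bound at compile time to the member containing the call, so all theory cases of one test method pass the same `testName`, and a call routed through another helper would pass that helper's name instead. If the name is meant to keep generated PKI subjects distinct per test (inferred from the series; the body of `BuildPrivatePki` is not visible here), a comment on the parameter would make that explicit: `// Filled in by the compiler with the calling test method; call this helper directly from the test and do not pass it by hand.` The method body continues past the end of the hunk.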
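Review bot: The `BuildPrivatePki` call in this hunk also replaces `PkiOptions.EndEntityRevocationViaOcsp | PkiOptions.CrlEverywhere` with `PkiOptions.CrlEverywhere` and removes `keySize: 2048`, neither of which is covered by the commit subject. With only this commit applied, the revocation tests build a PKI without the end-entity OCSP option (judging by the flag name, that path is then not exercised) and the key size falls back to whatever `BuildPrivatePki` defaults to. Patch 3/3 restores both lines in its two hunks for the same file. Folding that restoration into this commit would keep every commit in the series testing the same revocation setup and keep bisects meaningful. The enclosing method starts and ends outside the hunk.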
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamCertificateContextTests.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamCertificateContextTests.cs index 38f6a84c360f74..d2dceacce55651 100644 --- a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamCertificateContextTests.cs +++ b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamCertificateContextTests.cs @@ -26,6 +26,7 @@ public static async Task Create_OcspDoesNotReturnOrCacheInvalidStapleData() out CertificateAuthority rootAuthority, out CertificateAuthority[] intermediateAuthorities, out X509Certificate2 serverCert, + testName: nameof(Create_OcspDoesNotReturnOrCacheInvalidStapleData), intermediateAuthorityCount: 1, subjectName: serverName, keySize: 2048, From 0c1824900893185bb3de5b94402dce0ec204c163 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Mon, 18 Mar 2024 18:08:02 +0100 Subject: [PATCH 3/3] Minor changes --- .../Cryptography/X509Certificates/CertificateAuthority.cs | 2 +- .../tests/FunctionalTests/CertificateValidationRemoteServer.cs | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs index 6a03d7d16b5491..beb32116171200 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs 
@@ -950,8 +950,8 @@ private static string BuildSubject( PkiOptions pkiOptions, bool includePkiOptions) { - string pkiOptionsPart = includePkiOptions ? $", OU=\"{pkiOptions}\"" : ""; string testNamePart = !string.IsNullOrWhiteSpace(testName) ? $", O=\"{testName}\"" : ""; + string pkiOptionsPart = includePkiOptions ? $", OU=\"{pkiOptions}\"" : ""; return $"CN=\"{cn}\"" + testNamePart + pkiOptionsPart; } diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs index 846e8c2dcdb0da..588c2d3160b8c1 100644 --- a/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs +++ b/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs @@ -197,7 +197,7 @@ private async Task ConnectWithRevocation_WithCallback_Core( (Stream clientStream, Stream serverStream) = TestHelper.GetConnectedStreams(); CertificateAuthority.BuildPrivatePki( - PkiOptions.CrlEverywhere, + PkiOptions.EndEntityRevocationViaOcsp | PkiOptions.CrlEverywhere, out RevocationResponder responder, out CertificateAuthority rootAuthority, out CertificateAuthority[] intermediateAuthorities, @@ -205,6 +205,7 @@ private async Task ConnectWithRevocation_WithCallback_Core( testName: testName, intermediateAuthorityCount: noIntermediates ? 0 : 1, subjectName: serverName, + keySize: 2048, extensions: Configuration.Certificates.BuildTlsServerCertExtensions(serverName)); CertificateAuthority issuingAuthority = noIntermediates ? rootAuthority : intermediateAuthorities[0];